Skip to main content

Push authentication

Push notification-based authentication delivered as an API for 2FA, passwordless login, and in-application transactions on both web and mobile.

Simple user experience

Users respond to a device push notification and are presented with a simple and easy to understand decision. Approve or deny a login or in-application event, such as a money transfer or account change. No awkward codes for the user to re-enter, just approve or deny requests with a single touch.

Increased security

Unlike SMS, push authentication requests are digitally signed and fully encrypted between our service and each trusted device. The simple UI allows the user to deny unauthorized logins and transactions in real time.

Fast to implement

Delivered as a modern REST API, you can implement the Authy solution in a single sprint without worrying about availability, reliability or service security. We handle that for you. Just sign up and get started within minutes. Everything can be accessed immediately; we don’t hide our SDK or API behind a sales person.

End user support

Users change phone numbers and lose devices. We’ve built an automated system, augmented with in-person security team reviews, to support your users so they can securely recover access to their accounts. Increase your security without increasing your support burden.

"By choosing a modern technology experience like Authy, we’re communicating our security philosophy. We’re able to show our clients that Zesty.io is completely secure and innovative through the tools we’re using."

ANDY FLEMING, CTO, Zesty.io

Technology

Out-of-band

Push Authentication requests are delivered securely to trusted devices directly from our cloud API, out-of-band from your application. Responses from users are securely sent via signed callbacks direct to your application from our service.

End-to-end encryption

Unlike using SMS for 2FA, push authentication uses an RSA key pair, an encrypted channel to the devices, and digital signatures to provide a highly secure solution that is less vulnerable to phishing and other authentication attacks.

Real-time denials

Push Authentication prompts the user to verify an action; a 2FA login, money transfer or purchase. The user can deny unauthorized requests in real-time. As soon as they respond to their device, we send your application a web callback with a wealth of information you can leverage as part of your overall fraud detection and product security efforts.

Non-repudiation

To ensure you can trust and prove a response came from a specific user, responses from each device are signed by a per-device private key. Webhooks from our service are also signed to ensure you can trust that the source of the callback is Twilio and not an imposter.

Experience

Real-time response

2FA has a history of being difficult to use. Push authentication provides a very simple Approve/Deny experience directly to users. As soon as the user responds on their trusted device, the login or transaction responds immediately in your application. No extra steps for the user, no codes to enter. You can even replace the use of passwords for every day logins.

Branding

Authentication messages are fully branded. You can add your company logos, create your own login or authorization message, and pass in any details you wish to reassure the user they are responding to your trusted application’s request.

Infomative

Unlike using SMS for 2FA, push authentication presents any information you want to the end user. You can communicate details about the request they have to approve/deny, the location the login request is coming from, or what account they are trying to access and from which device.

Embeddable SDK

Embed push authentication functionality directly into your existing mobile applications for total control over your branding and the user experience. We provide SDKs for both Android and iOS development.

Scale

Millions and billions

Authy services applications with millions of users, for customers such as Twitch, Coinbase, and SendGrid. We handle billions of API calls with a solution designed to scale as you do.

Documentation

We have all the information you need to start building. Get unstuck quickly with tutorials, sample code, and extensive API documentation. Plus, we provide example cURL commands and Postman samples to accelerate your engineering efforts.

Helper libraries

Program in the language you already use with libraries available from Twilio and its community.

Access roles

Manage user permissions with unique access roles for admins, developers, support, and billing.

Why Twilio

Build on Twilio. Code with Confidence.

Best-in-class channel APIs to keep the conversation going across all channels

Global reach and unrivaled scale that supports over

8 million developers

Powerful serverless tools and fully-programmable solutions that deploy in minutes

Enterprise-grade security and reliability, powering over 190,000 respected brands